On 2014-12-22, Jonathan Thornburg <jth...@astro.indiana.edu> wrote:

> However, 'man athn' says
>> The athn driver relies on the software 802.11 stack for both
>> encryption and decryption of data frames.
>
> Should I be worried about the CPU loading of software WPA2 crypto
> running on the (relatively slow) ALIX Geode processor? That is, is
> the software crypto likely to limit the available wifi data rate?

I think the concern is warranted and yes, I expect this to be a
bottleneck.

I have no experience with that configuration, but I had a broadly
comparable setup where a Soekris net5501 (same CPU as the ALIX) did
IPsec for a .11g network. With AES-128-CBC + HMAC-SHA1, the box
seemed to be able to saturate the wireless link, but it was mostly
busy, and it profited from the CPU's glxsb(4) hardware acceleration
for AES-128-CBC. With any other mode of encryption, e.g. AES-128-CTR,
there just wasn't enough CPU.

Doing WPA2 means CCMP (= AES-128-CCM), so no acceleration on the
Geode. AES-CCM may turn out to be more efficient than AES+SHA1, or
it may not, but I doubt it will save the day. I think you need a
box with more CPU.

Also note that if kernel crypto monopolizes the CPU, userland
processes will be starved. For instance, a nameserver running on
the same machine will become unresponsive.

-- 
Christian "naddy" Weisgerber na...@mips.inka.de